Hackers have published the credit card details for the complete subscriber base of security intelligence firm StratFor on the open web, as well as the usernames and passwords of around half a million corporate and government customers.
Earlier this week the loose-knit Anonymous group had already posted close to 50,000 credit card details over the Christmas period after gaining access to StratFor’s servers.
Today the group released the full list of credit card details, plus what it claimed were 860,000 registration (username and password) details.
Closer analysis of the data reveals that many entries are duplicated once or twice in the database, making it difficult to analyse the true number of victims.
Regardless, the StratFor hack represents one of the single largest security headaches for Australia's corporate and government sectors.
The full registration list includes entries for just about every State and Federal agency in Australian government, including:
(NB – at least one in three were duplicate entries.)
Australia’s corporate sector didn’t get off lightly, with users from 15,000 .com.au addresses (not filtered for duplicates) exposed, particularly in the banking, insurance, superannuation, mining and energy sectors.
Victims included employee accounts from:
ActewAGL, Alcoa, Allens Arthur Robinson, Allianz, AMP, The Australian Stock Exchange, AXA, the Bank of South Australia, BankWest, BHP Billiton, Boral, CGU, Challenger, Coles Myer, Colonial First State, The Commonwealth Bank, Fairfax, HSBC Australia, ING Direct, Inpex, Insurance Australia Group, Investec, Lend Lease, Macquarie Bank, Mirvac, MLC, National Australia Bank, Newcastle Permanent, Newcrest Mining, News Limited, NRMA, Origin Energy, Perpetual Private Wealth, Qantas, Rio Tinto, SA Water, Southcorp, Suncorp, Sun Super, Star Track Express, Sunrice, Sydney Water, Tabcorp, Telstra, Virgin Blue, Water Corporation, Westpac, Woodside Energy and more.
There were also 2500 addresses from Australian academics exposed (unflitered for duplicates), as well as a large number of private users.
Not quite a Robin Hood exercise
The hackers behind the massive data breach had attempted to use some of the compromised credit card details to donate funds to various charities, but the ‘Robin Hood’ strategy appears to have backfired.
One of the recipients of donations has asked that the hackers cease the practice, as charge back fees for fraudulent transactions come at a cost to the recipient.
The Appropriate Infrastructure Development Group (AIDG) has called for the hackers to not donate money to the charity using stolen credit card accounts, telling supporters on Twitter that “we get hit $35 per fraud[ulent] transaction” in charge back fees.
Copyright © iTnews.com.au . All rights reserved.
Issue: 316 | July 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.
